There are more than 30 billion IoT and connected devices deployed today – and that number is expected to increase to 50 billion in the next five years. Digital transformation has led to the inevitable increase of these devices – however, their scale and diversity, and their capacity for network connectivity introduces significant risks. These devices can’t be secured or managed like normal desktops, laptops and servers and typically cannot be patched, making many of them a potential attack vector that must be secured.
The significance of connected device security has been highlighted in the midst of the COVID-19 pandemic. With remote working becoming the norm, many organisations have focussed on securing home workers and, arguably, have taken their eye off the ball when it comes to securing their IoT devices. How then can organisations deal with this issue, efficiently, at scale?
The first step is to obtain full visibility of exactly what is attached to their networks. This seems like a somewhat trivial task, but with the emergence of ‘shadow IT’ - the practice of stakeholders outside of the IT department connecting equipment to infrastructures – this is a vital step. Put simply, you can’t secure what you don’t know exists. Granular, real-time visibility about devices such as make, model, serial number can then help identify risks such as devices with recalls or running obsolete operating systems.
Once you know what’s in your network, the next step is understanding what the devices are doing. You can’t secure what you don’t understand. For example, knowing a device is an infusion pump isn’t enough, you must understand it’s functionality at the core to protect it. Mapping communications patterns allows you to surface anomalous patterns of behavior that could signify a threat.
Finally, these devices must be secured. There’s a number of ways to approach this challenge. Technology gives enterprises the power to identify, regulate and secure these devices, mitigating potential vulnerabilities. By leveraging smart platforms and artificial intelligence, they can get data insights on all devices connected to their network, spot and address vulnerabilities at scale, thereby securing their infrastructure.
The essential role of IoT security in digitisation
Digital transformation, as well as the impact of the pandemic, has accelerated the use of IoT devices, as companies adapt to COVID-19 safety precautions and the “new normal”. Globally, organisations have been forced to shift to a remote work mandate overnight, deploying or allowing connected devices on their network. That is why it’s more crucial than ever to bring order to connected device security, leveraging smart technologies and AI to generate and automate security policies to safeguard your network.
Although organisations are starting to truly embrace data and realise that what they really want is information and knowledge they can use within their current workflows, they need to tap into the increasing amount of data produced from connected devices and endpoints to drive digital transformation. Common examples include motion sensors in supermarkets, as it’s useful to understand how customers flow around a space. Choke points, for example, are a good place for product placement. Similarly, temperature sensors can tell if a freezer unit is faulty. In hospitals, sensors on a patient’s bed can identify if they have attended theatre and whether they are back on a ward or traversing the hospital.
By protecting and leveraging existing data and assets, companies across a range of industries can eliminate guesswork and enable cross-functional asset visibility, mitigate risks, accelerate innovation and operations that can drive the business forward. They can increase collaboration across all stakeholders and increase IT efficiency – ultimately moving their business forward to the new era of working.
Bringing order to the chaos of unmanaged and IoT devices
Most enterprises today aren’t properly regulating all of the connected devices they’re using—and may not even be aware many of them exist, again, through ‘shadow IT’. In fact, according to a recent report, data breaches on average cost $3.86 million. This number is expected to grow, as the number of devices connecting to enterprise networks will increase in the coming months, posing a clear risk to critical assets. And, although IoT is one of the key digital transformation technologies, organisations need to now look beyond just their IoT devices, to properly protecting what’s on their network – from workstations and office devices to facility devices – and the network itself from nefarious activity. The ability to secure these devices – from traditional servers, workstations and PCs to IoT, IoMT and OT devices – at scale will make or break companies in the coming year.
Businesses should develop a comprehensive approach to securing them, including discovery, classification, profiling of risks and automated segmentation. However, this can be a daunting task without the right tools. A purpose-built platform can offer visibility and security across all connected devices in the network at a glance, profile device behaviour and risks, and then automate appropriate action to address them effectively.
With all devices categorised and with risks and behavior understood , IT and security teams can generate and assign appropriate segmentation policies for high-risk, vulnerable and mission-critical devices. These policies can control how each device communicates, what resources they can and cannot access, and to ensure every new device and service is risk-assessed and secured in real time. Such a system therefore acts as an ‘orchestrator’, automatically generating policy that is passed down to the underlying infrastructure to protect attached devices.
Safe-proofing your organisation in a post-covid world
In order for any business to truly grasp their security needs, they have to know exactly what is connected, and futureproof themselves against increased risks presented post-COVID. By maintaining a real-time directory of assets—as well as the associated security risks— IT teams can gain insights on device behaviour and automatically generate policies to protect them. Because devices have deterministic functions, Zero Trust proactive policies that enable devices the access they need while limiting exposure can mitigate risk, and substantially reduce their ‘threat surface’.
Furthermore, a proactive, end-to-end, security strategy and platform to secure connected devices across the existing infrastructure is crucial to drive efficiencies across the entire organisation and thrive in a post-Covid world. From operational efficiencies down to increasing asset life and supporting new initiatives with free-up resources - leveraging smart platforms to secure their most mission-critical assets will empower businesses to accelerate their digitisation journeys.